package com.kerrykidz.system.util.security;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.web.filter.AccessControlFilter;

/**
 * 
 * @ClassName: SecurityAccessControlFilter
 * @description: SHIRO访问控制拦截器
 * @author: QUINN
 * @date: 2014年6月23日 下午5:09:44
 * @version: V1.0
 * 
 */
public class SecurityAccessControlFilter extends AccessControlFilter {

	@Override
	protected boolean isAccessAllowed(ServletRequest req, ServletResponse response, Object mappedValue)
			throws Exception {
		HttpServletRequest request = (HttpServletRequest) req;
		request.setAttribute(SECURITY_CONSTANTS.ACCESS_URL_KEY, request.getServletPath());
		return true;
	}

	@Override
	protected boolean onAccessDenied(ServletRequest req, ServletResponse response) throws Exception {
		HttpServletRequest request = (HttpServletRequest) req;
		if (request.getServletPath().equals("/security/test/tagtest.shtml"))
			return false;
		return true;
	}

}
